Sun Microsystems, Inc.

Allowing Access When Using MIT-MAGIC-COOKIE-1

If you are using the MIT-MAGIC-COOKIE-1 authorization protocol, follow these steps to allow another user access to your server.

  1. On the machine running the server, use xauth to extract an entry corresponding to hostname:0 into a file.

    For this example, hostname is anyhost and the file is xauth.info.

    myhost% $OPENWINHOME/bin/xauth nextract - anyhost:0 > $HOME/xauth.info
  2. Send the file containing the entry to the user requesting access (using Mail Tool, rcp, or some other file transfer protocol).


    Note - Mailing the file containing your authorization information is a safer method than using rcp. If you do use rcp, do not place the file in a directory that is easily accessible by another user.


  3. The other user must merge the entry into their .Xauthority file.

    For this example, userhost merges xauth.info into their .Xauthority file.

    userhost% $OPENWINHOME/bin/xauth nmerge - < xauth.info

    Note - The auth-data is session-specific; therefore, it is valid only as long as the server is not restarted.
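
The POSIX sh functions below are an added example, not part of the Sun documentation: extract_cookie runs step 1 under a restrictive umask, and audit_cookie_file checks that the extracted file and its directory are not open to other users, as the note in step 2 advises. The function names and the XAUTH override variable are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the Sun documentation. Function names and the
# XAUTH variable are hypothetical; the xauth command line is the page's step 1.

# Print the 10-character mode field from ls, e.g. "-rw-------".
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# extract_cookie DISPLAY FILE
# Runs "xauth nextract" under umask 077 so a newly created FILE is mode 600.
# XAUTH overrides the xauth path; the default is the page's $OPENWINHOME path.
extract_cookie() {
    ( umask 077 && "${XAUTH:-$OPENWINHOME/bin/xauth}" nextract - "$1" > "$2" )
}

# audit_cookie_file FILE
# Prints one line per finding.
# Returns 0 if nothing is exposed, 1 if exposed, 2 if FILE is not usable.
audit_cookie_file() {
    acf_file=$1
    acf_rc=0
    if [ -L "$acf_file" ] || [ ! -f "$acf_file" ]; then
        echo "not a regular file: $acf_file"
        return 2
    fi
    # Characters 5-10 of the mode field are the group and other bits.
    case $(mode_of "$acf_file") in
        ????------) ;;
        *) echo "group/other can access $acf_file (chmod 600)"; acf_rc=1 ;;
    esac
    # A directory writable by group or other lets another user replace
    # or remove the file before it is sent.
    acf_dir=$(dirname "$acf_file")
    case $(mode_of "$acf_dir") in
        ?????w????|????????w?)
            echo "directory $acf_dir is writable by group/other"; acf_rc=1 ;;
    esac
    return $acf_rc
}
```

The umask applies only when the output file is created; if xauth.info already exists with looser permissions, the redirect keeps them, which is why the audit is run afterwards.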


Allowing Access When Using SUN-DES-1

If you are using the SUN-DES-1 authorization protocol, follow these steps to allow another user access to your server.

  1. On the machine running the server, use xhost to make the new user known to the server.

    For example, to allow new user somebody to run on myhost, type:

    myhost% xhost +somebody@
  2. The new user must use xauth to add the entry into their .Xauthority file.

    For this example, the new user somebody's machine-independent netname is unix.15339@EBB.Eng.Sun.COM.

    userhost% echo 'add myhost:0 SUN-DES-1 "unix.15339@EBB.Eng.Sun.COM"' | $OPENWINHOME/bin/xauth

Running Clients Remotely, or Locally as Another User

X clients use the value of the DISPLAY environment variable to get the name of the server to which they should connect.

To run clients remotely, or locally as another user, follow these steps:

  1. On the machine running the server, allow another user access.

    Depending on which authorization protocol you use, follow the steps outlined in either "Allowing Access When Using MIT-MAGIC-COOKIE-1" or "Allowing Access When Using SUN-DES-1".

  2. Set DISPLAY to the name of the host running the server.

    For this example, the host is remotehost.

    myhost% setenv DISPLAY remotehost:0
  3. Run the client program.

    The client is displayed on the remote machine, remotehost.

    myhost% client_program &

 
 
 